Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/y4pn8ef6LK30XzfDMUs6wyEokM4.roa
File: y4pn8ef6LK30XzfDMUs6wyEokM4.roa (raw, json)
Hash identifier: I4ULs5FBCxf38LYsflYeF3hLTzrSoJrl/m+qLBIcv8U=
Subject key identifier: CB:8A:67:F1:E7:FA:2C:AD:F4:5F:37:C3:31:4B:3A:C3:21:28:90:CE
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 15AD
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/y4pn8ef6LK30XzfDMUs6wyEokM4.roa
Signing time: Wed 04 Jun 2025 23:39:21 +0000
ROA not before: Wed 04 Jun 2025 23:39:21 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5549 (0x15ad)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 4 23:39:21 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=CB8A67F1E7FA2CADF45F37C3314B3AC3212890CE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:cc:46:63:fb:6b:23:ce:e4:ec:8d:d6:f8:c1:
e6:95:0d:65:84:ee:35:cf:57:33:cd:06:2a:e7:5d:
c8:49:85:5d:fa:ba:26:1d:ff:a4:9e:5c:bc:fa:d8:
2c:a0:47:11:3f:dd:3a:91:de:77:ab:17:b7:ac:ff:
7f:93:aa:ac:ca:c7:85:3c:14:54:0f:94:5d:e3:97:
3d:12:27:e8:ca:28:cd:25:bd:7f:c5:16:e5:3b:85:
a6:36:b5:fd:0f:9b:a8:9a:46:47:40:6e:d6:73:9a:
64:ef:61:bc:62:66:cf:bc:8f:54:7b:de:03:0e:86:
ef:02:fc:81:40:7f:49:ad:f6:71:ea:ea:4c:1d:3d:
cb:03:02:7e:d5:37:02:63:45:59:5a:7b:38:f4:a9:
d2:68:ec:24:49:0c:11:88:78:6a:33:39:76:a7:a5:
8b:6d:4f:b5:19:16:19:d7:6e:a2:09:9b:eb:15:a8:
5d:13:3a:77:53:27:7c:38:74:a3:e7:81:c5:e5:0d:
61:ca:a8:f5:1d:fd:b4:a6:3f:84:d2:0b:bc:4b:ae:
85:21:25:7a:4d:6a:24:03:3b:8b:08:d8:d7:9c:e9:
57:f8:da:e3:90:39:66:65:86:27:b5:47:46:8c:f0:
ed:b2:03:a6:e8:c9:09:80:9a:0d:49:a2:bd:ac:65:
a8:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:8A:67:F1:E7:FA:2C:AD:F4:5F:37:C3:31:4B:3A:C3:21:28:90:CE
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/y4pn8ef6LK30XzfDMUs6wyEokM4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9f:b7:6b:03:c4:fa:db:f7:5a:b9:c4:1c:06:f7:20:eb:ac:9e:
d5:69:00:c4:bc:11:4a:f7:e1:95:6c:fc:85:f7:b8:56:d9:84:
ce:29:e4:ba:79:0b:7e:00:77:14:d6:1f:00:6f:97:39:02:d2:
88:c2:bc:85:cf:58:f1:5f:3b:06:28:75:43:d7:5e:af:8a:2a:
b0:ff:18:d8:d0:9a:74:7b:0d:ea:bc:7a:c4:b3:0e:69:3f:85:
bc:d8:ce:4b:e6:01:1b:07:df:5e:37:55:fc:82:78:cf:5f:46:
41:ef:b3:8c:b6:44:d1:2f:3c:ab:13:68:18:06:7b:dd:42:97:
f6:a5:c3:18:a4:9a:a6:41:9f:b2:bb:af:51:b2:21:fa:cb:0d:
15:39:fe:b3:3e:02:c7:f7:ca:fb:af:2f:a9:80:82:b4:c1:91:
de:69:02:df:d7:a6:cd:b6:21:c1:bd:76:12:cb:c8:45:04:02:
81:33:66:58:c2:13:19:ae:9a:90:e3:4e:50:68:f9:a1:e9:0d:
76:78:32:9b:08:fa:9b:88:4d:ca:f5:f6:29:e6:b9:65:4f:91:
07:60:4a:23:df:84:bc:45:2b:ca:00:cc:0f:6a:26:f6:e2:c4:
14:10:c6:05:20:9c:b6:20:45:72:23:e8:07:82:60:af:da:49:
67:ab:f5:5a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFa0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDQy
MzM5MjFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKENCOEE2N0YxRTdGQTJD
QURGNDVGMzdDMzMxNEIzQUMzMjEyODkwQ0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCzEZj+2sjzuTsjdb4weaVDWWE7jXPVzPNBirnXchJhV36uiYd
/6SeXLz62CygRxE/3TqR3nerF7es/3+TqqzKx4U8FFQPlF3jlz0SJ+jKKM0lvX/F
FuU7haY2tf0Pm6iaRkdAbtZzmmTvYbxiZs+8j1R73gMOhu8C/IFAf0mt9nHq6kwd
PcsDAn7VNwJjRVlaezj0qdJo7CRJDBGIeGozOXanpYttT7UZFhnXbqIJm+sVqF0T
OndTJ3w4dKPngcXlDWHKqPUd/bSmP4TSC7xLroUhJXpNaiQDO4sI2Nec6Vf42uOQ
OWZlhie1R0aM8O2yA6boyQmAmg1Jor2sZajRAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUy4pn8ef6LK30XzfDMUs6wyEokM4wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni95NHBuOGVmNkxLMzBYemZE
TVVzNnd5RW9rTTQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAJ+3awPE+tv3WrnEHAb3IOusntVpAMS8EUr3
4ZVs/IX3uFbZhM4p5Lp5C34AdxTWHwBvlzkC0ojCvIXPWPFfOwYodUPXXq+KKrD/
GNjQmnR7Deq8esSzDmk/hbzYzkvmARsH3143VfyCeM9fRkHvs4y2RNEvPKsTaBgG
e91Cl/alwxikmqZBn7K7r1GyIfrLDRU5/rM+Asf3yvuvL6mAgrTBkd5pAt/Xps22
IcG9dhLLyEUEAoEzZljCExmumpDjTlBo+aHpDXZ4MpsI+puITcr19inmuWVPkQdg
SiPfhLxFK8oAzA9qJvbixBQQxgUgnLYgRXIj6AeCYK/aSWer9Vo=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:39:05 2025 by rpki-client